<?php 	
	header('Access-Control-Allow-Origin: *');
	header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept");
	header('Access-Control-Allow-Methods: GET, POST, PUT,DELETE');
	include('connect.php');

	$name = $_POST['name'];
	$permssion = $_POST['permission'];
	$loginkey = $_POST['loginkey'];

	$rows = [];

	// $sql = 'select '.$permssion.' from productslist';

	$sql = 'select loginkey from admin where user="guo"';

	$result = $db->query($sql);

	if($result->num_rows > 0){
		while($row = $result->fetch_array(MYSQLI_ASSOC)){
			$rows[] = $row;
		}
	}

	if($rows[0]['loginkey'] != $loginkey){
		$rows['code'] = '20001';
		$rows['msg'] = '无操作权限';
	}else{
		$sql = 'update admin set permission_products="'.$permssion.'" where user="'.$name.'"';

		$result = $db->query($sql);
		
		if($result){
			$rows['code'] = '20000';
			$rows['msg'] = '权限修改成功';
		}
	}

	echo json_encode($rows);